Facts About LinkedIn Intro Security

LinkedIn has addressed accusations and assertions about its launch of Intro on Wednesday last week.

In an official blog post, the professional social network clarified and shared more details about LinkedIn Intro, its security in particular.

Since the introduction of Intro, speculations have been made about its implementation that LinkedIn’s Cory Scott had to blog about the “inaccuracies” and “misperceptions.”

Scott wrote that the LinkedIn Security team initially started with a core design for Intro, wherein they developed what they considered the most secure implementation possible.

Scott added that the team investigated several security threat models and even issued a challenge against each other to study scenarios of potential threats.

In regard to how the LinkedIn Security team handles email data, Scott said company documents – the Pledge of Privacy or the LinkedIn Privacy Policy in particular – will help clear up the team’s intents.

LinkedIn’s product design decisions and succeeding implementation are reexamined against the policies created by the company’s Security and Legal teams.

Nonetheless, Scott said the LinkedIn Security team encourages people to contribute to an open discussion about threats in online services that deal with email and sensitive data.

6. All communication channels use SSL/TLS at each point of entry for emails between LinkedIn Intro, the third-party mail system, and the device itself.

Scott said the team never allows mail contents to enter their system unencrypted when the mail flows through LinkedIn Intro, and deletes the encrypted content from its systems after the user has retrieved the email.

7. The security team ensured the effect of the iOS profile is unobtrusive to the member or user.

Scott said it is vital to note that the team only adds an email account that communicates with Intro, and the profile uses a certificate to communicate with the Intro Web end via a Web shortcut on the device.

Scott opposed a blog post written by security firm Bishop Fox on Thursday that the team will change the device’s security profile in a different manner.